Skip to content

Bump default gh-aw-firewall version to v0.27.11 #41554

Description

@lpcox

Request

Bump the default gh-aw-firewall (AWF) version from v0.27.10v0.27.11 and regenerate the pinned workflow artifacts.

Release: https://github.com/github/gh-aw-firewall/releases/tag/v0.27.11
Full changelog: github/gh-aw-firewall@v0.27.10...v0.27.11

Why

v0.27.11 ships the two network-isolation (sandbox.agent.sudo: false) rollout fixes that block sudo: false workflows on standard runners:

These directly unblock sudo: false workflows (e.g. the glossary-maintainer revert in #41426), plus assorted refactors/test-coverage improvements listed in the release notes.

Changes required

  1. Update the default version constantpkg/constants/version_constants.go:76:
    const DefaultFirewallVersion Version = "v0.27.11"
  2. Run the documented rebuild + double-recompile (per the warning comment at version_constants.go:70-75):
    make build && make recompile && make recompile
    The first recompile regenerates all *.lock.yml using the new version; the second refreshes the container SHA pins resolved during the first pass.
  3. Refresh .github/aw/actions-lock.json — the recompile resolves the new agent/api-proxy/squid:0.27.11 pinned image digests (replacing the 0.27.10 entries around lines 245/325/470).
  4. Add a changeset.changeset/patch-bump-awf-v0-27-11.md, matching the existing pattern:
    ---
    "gh-aw": patch
    ---
    
    Bump the default gh-aw-firewall version to v0.27.11 and regenerate pinned workflow artifacts.

Note: this is a firewall-only bump — DefaultGitHubMCPServerVersion / gh-aw-mcpg are unchanged unless a coupled bump is intended.

Acceptance criteria

  • DefaultFirewallVersion == "v0.27.11".
  • All regenerated *.lock.yml reference gh-aw-firewall/{agent,api-proxy,squid}:0.27.11 with refreshed SHA pins.
  • .github/aw/actions-lock.json contains 0.27.11 pinned-image digests.
  • Changeset added.
  • make build and the test suite pass.

Metadata

Metadata

Assignees

Labels

dependenciesPull requests that update a dependency fileenhancementNew feature or requestsecurity

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions